Application No. 08/949,525 

Wiener et al. 
REPLACEMENT SHEET 



FIG. 1 (block diagram; labels recovered from the drawing sheet)

MULTI CLIENT MANAGER (CERTIFICATION AUTHORITY)
SECURE ON-LINE PATH
DIRECTORY
CERTIFICATE WITH PUBLIC KEY FOR ENCRYPTION
CLIENT, CLIENT, CLIENT
Reference numerals on the sheet: 10, 12, 22, 24



FIG. 2
DIGITAL SIGNATURE KEY PAIR UPDATING
(flowchart; box text in sheet order, with reference numerals where legible)

25: USER LOGIN
26: DETERMINE DIG. SIGNATURE LIFETIME AND CREATION TIME FROM DIG. SIGN. CERTIFICATE DATA
CONTACT MANAGER TO ESTABLISH NEW KEY SIGNING PAIR - CLIENT GENERATES KEY PAIR AND SENDS PUBLIC KEY TO MANAGER BY PROTECTED DIG. SIGNATURE AND ENCRYPTED MESSAGE
34: PROVIDE SELECTABLE CERTIFICATE LIFETIME AND PRIVATE KEY LIFETIME DATA FOR EACH SELECTED CLIENT (ON A PER CLIENT BASIS)
36: STORE SELECTED DATA VALUES FOR EACH CLIENT IN CLIENT MANAGER DATABASE
VERIFY AUTHENTICITY OF CLIENT AND DATA FROM CLIENT REQUEST USING PKIX Part 3
42: CLIENT GENERATES NEW DIGITAL SIGNATURE KEY PAIR
44: CLIENT SENDS NEW DIG. SIGN. PUBLIC KEY PAIR TO MANAGER
46: MANAGER CREATES NEW DIG. SIGN. CERTIFICATE WITH SELECTED EXPIRY DATA BY ASSOCIATING SELECTED EXPIRY DATA WITH NEW KEY PAIRS
48: SEND NEW DIG. SIGN CERTIFICATE TO REQUESTING CLIENT
50: WAIT FOR ANOTHER CLIENT REQUEST OR NEW SELECTION OF EXPIRY DATA






FIG. 3
ENCRYPTION KEY PAIR UPDATING
(flowchart; box text in sheet order, with reference numerals where legible)

60: USER LOGIN
62: DETERMINE ENCRYPTION LIFETIME AND CREATION TIME FROM ENCRYPTION CERTIFICATE DATA
64 (decision): IS REMAINING LIFETIME LESS THAN 100 DAYS AND IS TOTAL LIFETIME AT LEAST 50% OVER? (branches: NO, YES)
66: CLIENT GENERATES ENCRYPTION UPDATE REQUEST AND GENERATES KEY PAIR AND SENDS PUBLIC KEY TO MANAGER BY PROTECTED DIG. SIGNATURE AND ENCRYPTED MESSAGE
68: PROVIDE SELECTABLE ENCRYPTION CERTIFICATE LIFETIME DATA FOR EACH SELECTED CLIENT (ON A PER CLIENT BASIS)
70: STORE SELECTED DATA VALUES FOR EACH CLIENT IN CLIENT MANAGER DATABASE
VERIFY AUTHENTICITY OF CLIENT AND DATA FROM CLIENT REQUEST USING PKIX Part 3
76: CLIENT GENERATES NEW ENCRYPTION KEY PAIR
78: CLIENT SENDS NEW ENCRYPTION KEY TO CLIENT MANAGER (AND PRIVATE KEY PAIR IF DESIRED)
80: MANAGER CREATES NEW ENCRYPTION CERTIFICATE WITH SELECTED EXPIRY DATA BY ASSOCIATING SELECTED EXPIRY DATA WITH NEW KEY PAIRS
82: SEND NEW ENCRYPTION CERTIFICATE TO REQUESTING CLIENT
84: WAIT FOR ANOTHER CLIENT REQUEST OR NEW SELECTION OF EXPIRY DATA






FIG. 4
MANAGER GENERATES DATA FOR DIG. SIGNATURE CERTIFICATE
(flowchart; box text in sheet order, with reference numerals where legible)

24: USER LOGIN
26: DETERMINE DIG. SIGNATURE LIFETIME AND CREATION TIME FROM DIG. SIGN. CERTIFICATE DATA
28 (decision): IS REMAINING LIFETIME LESS THAN 100 DAYS AND IS TOTAL LIFETIME AT LEAST 50% OVER? (branches: NO, YES)
30: CONTACT MANAGER TO ESTABLISH NEW SIGNING KEY PAIR - CLIENT GENERATES KEY PAIR AND SENDS PUBLIC KEY TO MANAGER BY PROTECTED DIG. SIGNATURE AND ENCRYPTED MESSAGE
34: PROVIDE SELECTABLE CERTIFICATE LIFETIME AND PRIVATE KEY LIFETIME DATA FOR EACH SELECTED CLIENT (ON A PER CLIENT BASIS)
36: STORE SELECTED DATA VALUES FOR EACH CLIENT IN CLIENT MANAGER DATABASE
VERIFY AUTHENTICITY OF CLIENT AND DATA FROM CLIENT REQUEST USING PKIX Part 3
86: MULTI-CLIENT MANAGER GENERATES NEW DIGITAL SIGNATURE KEY PAIR FOR EACH CLIENT
46: MANAGER CREATES NEW DIG. SIGN. CERTIFICATE WITH SELECTED EXPIRY DATA BY ASSOCIATING SELECTED EXPIRY DATA WITH NEW KEY PAIRS
88: MANAGER SENDS NEW DIG. SIGN CERTIFICATE, PUBLIC KEY AND PRIVATE KEY TO REQUESTING CLIENT
50: WAIT FOR ANOTHER CLIENT REQUEST OR NEW SELECTION OF EXPIRY DATA



